Mediation and security

Service sessions are not direct connections between netlets; that would not be secure enough. Instead the node mediates sessions, ensuring local security requirements are enforced. What a netlet uses is actually a proxy. The proxy runs in the netlet's own class space; the real work is done by the netlet/service/node running in its own class space. The mediation is performed by the node's mediator.

In fact, the node mediates all links between a netlet and the rest of the world, including networking and file system use. Figure [*] is a refinement of Figure [*](d). It shows where the mediation boundary is between class spaces.

For auditing and security, and because mediation is necessary, a facet or service cannot live without its provider netlet. In Figure [*] if the access point netlet dies then the service connection is terminated and its facets become useless to the consumer netlet. Similarly in Figure [*] if the provider netlet dies then all its facets go with it.
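The proxy arrangement and the provider-death rule described above can be sketched as follows. This is an added example, not code from the system this page describes: it assumes a Java runtime and uses `java.lang.reflect.Proxy` as a stand-in for the node's mediator, and the names `EchoFacet`, `Mediator` and `MediationDemo` are hypothetical. For brevity everything runs in one class loader, whereas the page's design keeps proxy and provider in separate class spaces.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.util.Set;
import java.util.concurrent.atomic.AtomicBoolean;

// Hypothetical facet interface offered by a provider netlet (assumption for this sketch).
interface EchoFacet { String echo(String msg); String admin(String cmd); }

// Node-side handler: every call from the consumer netlet crosses this boundary.
final class Mediator implements InvocationHandler {
    private final Object provider;       // the real object, owned by the provider netlet
    private final Set<String> allowed;   // local policy: methods this consumer may call
    private final AtomicBoolean alive = new AtomicBoolean(true);

    Mediator(Object provider, Set<String> allowed) { this.provider = provider; this.allowed = allowed; }

    // The node calls this when the provider netlet dies; all its facets go with it.
    void revoke() { alive.set(false); }

    @Override
    public Object invoke(Object proxy, Method m, Object[] args) throws Throwable {
        if (!alive.get()) throw new IllegalStateException("provider netlet is gone");
        if (!allowed.contains(m.getName())) throw new SecurityException("denied by node policy: " + m.getName());
        System.out.println("audit: " + m.getName());   // audit record written at the mediation boundary
        try { return m.invoke(provider, args); }
        catch (InvocationTargetException e) { throw e.getCause(); }   // surface the provider's own exception
    }
}

public class MediationDemo {
    public static void main(String[] unused) {
        EchoFacet real = new EchoFacet() {
            public String echo(String msg) { return "echo:" + msg; }
            public String admin(String cmd) { return "ran " + cmd; }
        };
        Mediator med = new Mediator(real, Set.of("echo"));
        EchoFacet facet = (EchoFacet) Proxy.newProxyInstance(   // the consumer only ever holds this proxy
            EchoFacet.class.getClassLoader(), new Class<?>[] { EchoFacet.class }, med);
        System.out.println(facet.echo("hi"));            // permitted by policy, audited, forwarded
        try { facet.admin("reload"); } catch (SecurityException e) { System.out.println(e.getMessage()); }
        med.revoke();                                    // simulate the provider netlet dying
        try { facet.echo("hi"); } catch (IllegalStateException e) { System.out.println(e.getMessage()); }
    }
}
```

Because the consumer never holds a reference to the real object, revoking the handler is enough to make every outstanding facet unusable, which is the property the paragraph above relies on.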

Figure: A refinement of Figure [*](d). All binding is mediated by the node.
 


Nik Silver 2002-03-09